Businesses are putting information security in jeopardy because supply chain and IT professionals not working together closely enough, according to a report.

Managing cyber and information risks in the supply chain found more than 70 per cent of Information Security Forum members are highly concerned about external supplier security arrangements and half of respondents are highly exposed to supplier risks. Despite this, just 15 per cent of members approach information security from a supply chain perspective, with the majority opting to just focus on first tier suppliers.

The report, authored by Omera Khan of the Logistics Institute at the University of Hull and Adrian Davis of the Information Security Forum, said: “Such an approach limits the understanding of information risk in a supply chain and may mean that risks such as the sharing of information between tiers is not evaluated.”

The research recommended companies develop new levels of collaboration between the supply chain and IT functions. It said: “Companies are required to build new levels of collaboration among security, IT and supply chain managers.”

The report also highlighted the inefficiencies caused by companies having different security requirements within their contracts. As suppliers have a number of customers, they will be pulled in a number of directions in order to meet the different demands they have agreed to.

At the CIPS Annual Conference 2011, Belinda Doshi, partner at law firm Nabarro, told buyers IT and information security was fast becoming a priority for procurement. She said: “In two or three years, if you are not putting in strong data security policies, then quite frankly, you are being negligent.”